
CVSS: 9.0 • EPSS: 0% • CPEs: 1 • EXPL: 1

lib/rrd.php in Cacti 1.1.27 allows remote authenticated administrators to execute arbitrary OS commands via the path_rrdtool parameter in an action=save request to settings.php. • https://github.com/Cacti/cacti/issues/1057 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVSS: 6.1 • EPSS: 0% • CPEs: 1 • EXPL: 1

include/global_session.php in Cacti 1.1.25 has XSS related to (1) the URI or (2) the refresh page. • http://www.securitytracker.com/id/1039569 https://github.com/Cacti/cacti/commit/93f661d8adcfa6618b11522cdab30e97bada33fd https://github.com/Cacti/cacti/issues/1010 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 5.4 • EPSS: 0% • CPEs: 1 • EXPL: 0

lib/html.php in Cacti before 1.1.18 has XSS via the title field of an external link added by an authenticated user. • http://www.securitytracker.com/id/1039226 https://github.com/Cacti/cacti/blob/develop/docs/CHANGELOG https://github.com/Cacti/cacti/commit/9c610a7a4e29595dcaf7d7082134e4b89619ea24 https://github.com/Cacti/cacti/issues/918 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.1 • EPSS: 0% • CPEs: 1 • EXPL: 0

A cross-site scripting vulnerability exists in Cacti 1.1.17 in the method parameter in spikekill.php. • http://www.securityfocus.com/bid/100490 http://www.securitytracker.com/id/1039208 https://github.com/Cacti/cacti/commit/a032ce0be6a4ea47862c594e40a619ac8de1ef99 https://github.com/Cacti/cacti/issues/907 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 9.8 • EPSS: 3% • CPEs: 1 • EXPL: 0

spikekill.php in Cacti before 1.1.16 might allow remote attackers to execute arbitrary code via the avgnan, outlier-start, or outlier-end parameter. • http://www.securityfocus.com/bid/100080 https://cacti.net/release_notes.php?version=1.1.16 https://github.com/Cacti/cacti/commit/bd0e586f6f46d814930226f1516a194e7e72293e https://github.com/Cacti/cacti/issues/877 https://security.gentoo.org/glsa/201711-10